Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/qW4jQdeD5ZNPh9BcRz_G0rMNnUU.cer
File:                     qW4jQdeD5ZNPh9BcRz_G0rMNnUU.cer (raw, json)
Hash identifier:          /5vnjYqTWLA+SBUi7HVDG7EHcnPYNGPFW/kPVLaSO8g=
Subject key identifier:   A9:6E:23:41:D7:83:E5:93:4F:87:D0:5C:47:3F:C6:D2:B3:0D:9D:45
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3B68FC9AEB31EE256BB451FEDE87EC9
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d7/257932-c18f-411d-9b6f-6d42257c8f6b/1/qW4jQdeD5ZNPh9BcRz_G0rMNnUU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d7/257932-c18f-411d-9b6f-6d42257c8f6b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 06:29:30 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.82.152.0/23
                          IP: 185.171.163.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:8f:c9:ae:b3:1e:e2:56:bb:45:1f:ed:e8:7e:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a96e2341d783e5934f87d05c473fc6d2b30d9d45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:c8:f4:cc:8b:ee:7a:64:60:30:62:8b:39:5d:
                    fc:13:c5:2a:94:79:d5:aa:64:88:a0:92:31:3f:8a:
                    ad:75:ef:74:43:f2:83:97:b0:e3:b5:b7:e5:09:51:
                    c8:d1:be:b4:ac:ac:b2:dd:f5:26:ea:32:6a:02:6e:
                    32:67:84:0a:64:1d:d0:10:74:49:4a:15:ab:fd:46:
                    36:5e:d1:27:25:29:85:13:e3:6c:c6:0d:19:73:61:
                    97:37:1f:46:5a:84:84:1c:cf:5c:fb:b6:f5:e8:02:
                    06:87:1e:5e:db:ff:7e:33:5a:c3:90:db:12:ab:d1:
                    0d:a8:a9:02:76:7b:ab:e4:bf:44:b1:b5:41:86:36:
                    84:04:db:46:9d:20:f9:fc:70:56:10:0c:46:df:3d:
                    5f:f4:4f:82:e7:62:d0:a2:19:75:8d:e1:57:c1:a1:
                    7f:42:fe:90:41:26:cc:94:de:b5:f3:50:94:f1:15:
                    36:5c:c2:82:a9:d3:c0:22:29:a6:50:e0:01:13:5f:
                    cb:d3:24:1c:62:c0:a5:42:88:16:3f:36:09:fd:37:
                    16:67:55:cb:79:0c:27:2a:bf:85:c3:6c:05:08:48:
                    57:e9:56:70:d1:ba:72:c9:52:86:e7:f5:7a:fe:83:
                    1e:46:88:ff:2f:d4:6f:00:21:d7:49:e8:10:5d:e3:
                    b0:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:6E:23:41:D7:83:E5:93:4F:87:D0:5C:47:3F:C6:D2:B3:0D:9D:45
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/257932-c18f-411d-9b6f-6d42257c8f6b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/257932-c18f-411d-9b6f-6d42257c8f6b/1/qW4jQdeD5ZNPh9BcRz_G0rMNnUU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.82.152.0/23
                  185.171.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:29:24:b7:8f:a8:4d:f4:1c:0e:ac:4b:d7:d1:3d:c7:4a:bc:
         7f:15:e9:0a:57:a2:ac:0e:94:82:b7:89:1a:2a:2d:23:85:2e:
         e6:46:3e:0e:e6:e3:7b:71:06:b9:8f:ab:98:cd:0a:90:cc:44:
         c2:7b:ba:0e:46:54:49:1c:b2:8d:53:bf:49:a7:44:89:8c:15:
         9e:00:03:1a:51:fe:53:e9:b0:7d:e6:4a:95:a4:6a:a7:86:8c:
         74:7f:45:20:ec:96:f7:67:ea:3b:fe:72:cf:fc:b1:b0:ae:3e:
         03:12:fe:1b:45:c0:45:c9:dd:bf:56:2a:4a:53:9a:28:e1:73:
         28:14:a5:c9:46:c0:bc:ce:be:b2:d7:b9:fe:27:8f:2c:79:9f:
         7e:40:b5:4b:e3:5f:ec:13:06:94:27:a4:25:69:d1:93:50:c3:
         1c:5c:70:fd:5d:2d:0f:3c:74:f7:96:cd:c3:14:da:78:06:1f:
         17:8f:a8:4a:89:ef:ed:b3:03:fd:20:fe:35:3f:9c:c1:3b:86:
         4d:43:b7:ea:71:ee:8a:aa:dc:e0:84:cf:e4:f4:0a:1e:42:da:
         80:3b:01:96:88:90:2e:6c:48:07:7e:78:c4:f4:71:a1:ff:3f:
         a8:a2:76:d8:a9:8c:ed:01:6b:ea:52:f6:94:7b:f3:2c:73:7e:
         dc:e8:70:7c
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAYzDto/JrrMe4la7RR/t6H7JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDYyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTZlMjM0MWQ3ODNlNTkzNGY4N2QwNWM0NzNmYzZkMmIzMGQ5ZDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2cj0zIvuemRgMGKLOV38E8UqlHnV
qmSIoJIxP4qtde90Q/KDl7DjtbflCVHI0b60rKyy3fUm6jJqAm4yZ4QKZB3QEHRJ
ShWr/UY2XtEnJSmFE+Nsxg0Zc2GXNx9GWoSEHM9c+7b16AIGhx5e2/9+M1rDkNsS
q9ENqKkCdnur5L9EsbVBhjaEBNtGnSD5/HBWEAxG3z1f9E+C52LQohl1jeFXwaF/
Qv6QQSbMlN6181CU8RU2XMKCqdPAIimmUOABE1/L0yQcYsClQogWPzYJ/TcWZ1XL
eQwnKr+Fw2wFCEhX6VZw0bpyyVKG5/V6/oMeRoj/L9RvACHXSegQXeOwTQIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFKluI0HXg+WTT4fQXEc/xtKzDZ1FMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q3LzI1Nzkz
Mi1jMThmLTQxMWQtOWI2Zi02ZDQyMjU3YzhmNmIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDcvMjU3OTMy
LWMxOGYtNDExZC05YjZmLTZkNDIyNTdjOGY2Yi8xL3FXNGpRZGVENVpOUGg5QmNS
el9HMHJNTm5VVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUF
BwEHAQH/BBYwFDASBAIAATAMAwQBuVKYAwQAuaujMA0GCSqGSIb3DQEBCwUAA4IB
AQBZKSS3j6hN9BwOrEvX0T3HSrx/FekKV6KsDpSCt4kaKi0jhS7mRj4O5uN7cQa5
j6uYzQqQzETCe7oORlRJHLKNU79Jp0SJjBWeAAMaUf5T6bB95kqVpGqnhox0f0Ug
7Jb3Z+o7/nLP/LGwrj4DEv4bRcBFyd2/VipKU5oo4XMoFKXJRsC8zr6y17n+J48s
eZ9+QLVL41/sEwaUJ6QladGTUMMcXHD9XS0PPHT3ls3DFNp4Bh8Xj6hKie/tswP9
IP41P5zBO4ZNQ7fqce6KqtzghM/k9AoeQtqAOwGWiJAubEgHfnjE9HGh/z+oonbY
qYztAWvqUvaUe/Msc37c6HB8
-----END CERTIFICATE-----